Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mehrfacher Befall BKA Trojaner (https://www.trojaner-board.de/128990-mehrfacher-befall-bka-trojaner.html)

Hogrebe05 03.01.2013 12:50
Mehrfacher Befall BKA Trojaner
 
Hallo Forumuser,

also ich möchte mich schonmal im Voraus für jede Hilfe und tatkräftige Mitarbeit bedanken. Ich werde mir größte mühe geben täglich vorbei zu schauen bis wir vielleicht gemeinsam eine Lösung für das Problem finden.

So nun das Problem. Ich hatte jetzt schon ein paarmal den BKA-Trojaner. Ich hatte daraufhin im Internet nachgeschaut und bin immer auf die Lösung gekommen, den PC im Abgesicherten Modus zu starten und unter Eingabe von msconfig, nach etwas verdächtigen ausschau zu halten. Das hatte auch soweit geklappt. Nur es lies sich kein Kaspersky installieren bzw starten :heulen:.

Wie gesagt der BKA Trojaner ist jetzt schon öfters gekommen und ihn einfach nur immer abstellen ist glaube ich die ungesündeste alternative.
Mein Ziel ist es diesen Virus komplett auszuradieren und Das schöne Kaspersky zum laufen kriegen.

Ich hoffe das Ihr mir hierbei helfen könnt. Und bitte nicht übel nehmen, aber ich bin nicht der mega PC-Crack :singsing:

Nochmal vielen Dank im Voraus.

Sorry noch vergessen. Ich habe Win7 auf dem PC

Psychotic 03.01.2013 13:10
Mehrfacher Befall BKA Trojaner
 
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.


Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.




Ist das Win7 32- oder 64bit?

Marius war schneller

Zitat:
unter Eingabe von msconfig, nach etwas verdächtigen ausschau zu halten. Das hatte auch soweit geklappt.
Lesen !!

Hogrebe05 03.01.2013 13:25
@Larusso: Habe glaube nicht alles verstanden aber danke.

@Psychotic: wenn ich mit dir zusammen das System neu aufsetzen sollte. Könnte mann vorher einzelne Dateien sichern und hinterher wieder Gefahrlos aufspielen?
Falls wir das System neu aufspielen sollten: Es ist ein selbst zusammengestellter PC von Atelco mit deren Betriebssystem. Ob ich dafür eine CD habe müsste ich heute abend dann nach dwer Arbeit erst checken.

Psychotic 03.01.2013 13:31
Wenn du das System neu aufsetzen willst, kannst du vorher Dateien, welche du behalten willst, sichern und nach erfolgter Prüfung auf das frische System zurückspielen, ja.

Hogrebe05 03.01.2013 13:37
Kann es denn sein das ich dann eventuell Virenbefallene Dateien wieder aufspiele?
Das wäre nämlich genau das was ich nicht möchte.
Sonst würde ich auch eine bereinigung mit euch angehen.

Psychotic 03.01.2013 13:42
Solange du nur nicht ausführbare Dateien (wie z.B. Dokumente, Bilder, Musikstücke, Videos, usw.) sicherst, besteht keine Gefahr. Zudem kann das Sicherungsmedium auf Infektionen geprüft werden.

Ausführbare Dateien darfst du nicht sichern, da diese ein hohes Risiko einer Neuinfektion beinhalten.

Der bei dir aufgetretene Schädling lässt sich problemlos bereinigen.

Hogrebe05 03.01.2013 13:46
Okay wenn dieser sich beseitigen lässt, dann sehr gerne. Was ist denn der erste beziehungsweise die ersten Schritte dich heute Abend schonmal erledigen könnte?

Psychotic 03.01.2013 13:54
Ist es ein 32- oder 64bit Windows 7?

Hogrebe05 03.01.2013 14:06
Also ich bin mir zu 99% sicher das es 64 bit windows 7 ist. Aber ich schaue bevor ich etwas machen noch einmal nach :)

Psychotic 03.01.2013 14:09
FRST64


Downloade dir bitte Farbar's Recovery Scan Tool x64 und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Hogrebe05 03.01.2013 15:40
Also. Habe es nach der Anleitung oben gemacht. Wenn ich allerdings auf Computer reparieren drücke, fährt er normal ins Windows hoch :(
Eine Windows CD habe ich leider nicht. Was könnte ich den machen?

Psychotic 03.01.2013 16:03
DDS



Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com
dds.exe
  • Starte bitte dds mit einem Doppelklick.
  • Der Desktop wird verschwinden, das ist normal.
  • Setze bitte einen Haken bei
    • dds.txt ( Sollte angehakt sein )
    • attach.txt
    Ändere keine Einstellungen ohne Anweisung
  • Wenn der Scan beendet ist, wird DDS 2 Logfiles auf deinem Desktop erstellen:
    • dds.txt
    • attach.txt
Bitte poste beide Logfiles in deiner nächsten Antwort.

Hogrebe05 03.01.2013 16:08
So da hab ich es schon :)
einmal der dds.txt
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.5.1
Run by Robert at 16:05:38 on 2013-01-03
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8169.6399 [GMT 1:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ctfmon.lnk - C:\ProgramData\lsass.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{79960DC6-6B23-426B-BE58-1A8023912723} : DHCPNameServer = 192.168.2.1 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\793hoo6h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-22 21:22; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\793hoo6h.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-12 283200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 218880]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-21 382824]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-8 122856]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-8 369640]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-10-28 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-10-28 341832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-10-28 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2011-10-28 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-10-28 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-30 24904]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-30 655944]
.
=============== Created Last 30 ================
.
2013-01-01 11:33:23        9125352        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A810AB41-C49B-447C-A60E-ED1C56F64E9A}\mpengine.dll
2012-12-27 12:24:17        225280        ----a-w-        C:\Users\Robert\wgsdgsdgdsgsd.exe
2012-12-27 09:45:19        --------        d-----w-        C:\Users\Robert\AppData\Local\Macromedia
2012-12-27 09:24:34        697272        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-20 20:35:31        46080        ----a-w-        C:\Windows\System32\atmlib.dll
2012-12-20 20:35:31        34304        ----a-w-        C:\Windows\SysWow64\atmlib.dll
2012-12-20 20:35:30        367616        ----a-w-        C:\Windows\System32\atmfd.dll
2012-12-20 20:35:30        295424        ----a-w-        C:\Windows\SysWow64\atmfd.dll
2012-12-14 14:56:55        --------        d-----w-        C:\Users\Robert\AppData\Local\My Games
2012-12-14 14:41:54        --------        d-----w-        C:\Users\Robert\AppData\Local\Ubisoft Game Launcher
2012-12-13 16:49:18        2048        ----a-w-        C:\Windows\SysWow64\tzres.dll
2012-12-13 16:48:56        478208        ----a-w-        C:\Windows\System32\dpnet.dll
2012-12-13 16:48:56        376832        ----a-w-        C:\Windows\SysWow64\dpnet.dll
2012-12-13 16:46:33        --------        d-----w-        C:\Users\Robert\AppData\Roaming\GetRightToGo
.
==================== Find3M  ====================
.
2012-12-28 17:17:19        281688        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-28 17:17:19        281688        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2012-12-27 10:01:35        73656        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-15 09:29:59        281688        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-14 14:32:57        76888        ----a-w-        C:\Windows\SysWow64\PnkBstrA.exe
2012-12-02 14:41:55        18960        ----a-w-        C:\Windows\System32\drivers\LNonPnP.sys
2012-11-22 05:17:35        63336        ----a-w-        C:\Windows\System32\nvshext.dll
2012-11-22 05:17:35        3635277        ----a-w-        C:\Windows\System32\nvcoproc.bin
2012-11-22 05:17:34        890216        ----a-w-        C:\Windows\System32\nvvsvc.exe
2012-11-22 05:17:34        2557800        ----a-w-        C:\Windows\System32\nvsvcr.dll
2012-11-22 05:17:34        118120        ----a-w-        C:\Windows\System32\nvmctray.dll
2012-11-22 05:17:06        3311464        ----a-w-        C:\Windows\System32\nvsvc64.dll
2012-11-22 05:17:02        6223208        ----a-w-        C:\Windows\System32\nvcpl.dll
2012-11-22 03:26:40        3149824        ----a-w-        C:\Windows\System32\win32k.sys
2012-11-21 17:27:28        438632        ----a-w-        C:\Windows\SysWow64\nvStreaming.exe
2012-11-14 06:11:44        2312704        ----a-w-        C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11        1392128        ----a-w-        C:\Windows\System32\wininet.dll
2012-11-14 06:02:49        1494528        ----a-w-        C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46        599040        ----a-w-        C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35        173056        ----a-w-        C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22        1800704        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15        1427968        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37        1129472        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25        142848        ----a-w-        C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27        420864        ----a-w-        C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09        2048        ----a-w-        C:\Windows\System32\tzres.dll
2012-10-16 08:38:37        135168        ----a-w-        C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34        350208        ----a-w-        C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52        561664        ----a-w-        C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13        55296        ----a-w-        C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13        226816        ----a-w-        C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31        44032        ----a-w-        C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31        193536        ----a-w-        C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 16:06:10,76 ===============
--- --- ---

und der attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17.10.2011 15:51:16
System Uptime: 03.01.2013 16:02:45 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8P67 REV 3.1
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 83,167 GiB free.
D: is FIXED (NTFS) - 687 GiB total, 304,702 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
H: is FIXED (NTFS) - 298 GiB total, 185,636 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP202: 14.12.2012 15:24:35 - Installiert Far Cry 3
RP203: 16.12.2012 19:00:40 - Windows-Sicherung
RP204: 18.12.2012 17:18:14 - Windows Update
RP205: 20.12.2012 21:35:21 - Windows Update
RP206: 25.12.2012 18:19:43 - Windows Update
RP207: 25.12.2012 18:26:09 - Windows-Sicherung
RP208: 30.12.2012 19:00:41 - Windows-Sicherung
RP209: 01.01.2013 12:32:58 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Battlefield 3™
Battlelog Web Plugins
Bluetooth Win7 Suite (64)
Bonjour
BurnAware Free 4.6
Call of Duty: Black Ops - Multiplayer
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3 - Multiplayer
CDBurnerXP
DAEMON Tools Lite
eReg
ESN Sonar
Far Cry 3
GamersFirst LIVE!
Google Chrome
Intel(R) Management Engine Components
iTunes
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Kaspersky Internet Security 2013
Logitech Gaming Software 8.12
Logitech SetPoint 6.32
Malwarebytes Anti-Malware Version 1.62.0.1300
marvell 91xx driver
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 8.0.1 (x86 de)
NVIDIA 3D Vision Controller-Treiber 310.64
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Treiber 310.64
NVIDIA Grafiktreiber 310.64
NVIDIA HD-Audiotreiber 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 310.64
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenAL
Origin
Pando Media Booster
PDF-XChange Viewer
PDFCreator
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Spec Ops The Line
Steam
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Uplay
VLC media player 2.0.3
WinRAR 4.01 (64-Bit)
.
==== End Of File ===========================
Ich hoffe das war jetzt richtig so.

Psychotic 03.01.2013 16:15
Schritt 1: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.




Schritt 2: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

Hogrebe05 03.01.2013 16:35
Also bei aswmbr kam raus
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-03 16:17:41
-----------------------------
16:17:41.799    OS Version: Windows x64 6.1.7601 Service Pack 1
16:17:41.799    Number of processors: 8 586 0x2A07
16:17:41.799    ComputerName: DOWNBOY-PC  UserName: Robert
16:17:42.115    Initialize success
16:18:42.116    AVAST engine defs: 13010300
16:18:57.703    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:18:57.706    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11
16:18:57.716    Disk 0 MBR read successfully
16:18:57.719    Disk 0 MBR scan
16:18:57.724    Disk 0 Windows 7 default MBR code
16:18:57.730    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:18:57.741    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      249899 MB offset 206848
16:18:57.763    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      703868 MB offset 512000000
16:18:57.794    Disk 0 scanning C:\Windows\system32\drivers
16:19:04.602    Service scanning
16:19:17.687    Modules scanning
16:19:17.695    Disk 0 trace - called modules:
16:19:17.710    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:19:18.038    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c80790]
16:19:18.044    3 CLASSPNP.SYS[fffff88001e5143f] -> nt!IofCallDriver -> [0xfffffa80075d0520]
16:19:18.050    5 ACPI.sys[fffff88000f607a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80075c8680]
16:19:18.868    AVAST engine scan C:\Windows
16:19:20.119    AVAST engine scan C:\Windows\system32
16:20:52.008    AVAST engine scan C:\Windows\system32\drivers
16:20:59.012    AVAST engine scan C:\Users\Robert
16:27:18.667    File: C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\331fd5cb-52b85284  **INFECTED** Win32:Rootkit-gen [Rtk]
16:30:02.067    File: C:\Users\Robert\wgsdgsdgdsgsd.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
16:30:02.290    AVAST engine scan C:\ProgramData
16:30:26.711    Scan finished successfully
16:30:37.910    Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
16:30:37.913    The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"
und beim tdsskiller
Code:
16:31:48.0009 1676  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:31:48.0208 1676  ============================================================
16:31:48.0208 1676  Current date / time: 2013/01/03 16:31:48.0208
16:31:48.0209 1676  SystemInfo:
16:31:48.0209 1676 
16:31:48.0209 1676  OS Version: 6.1.7601 ServicePack: 1.0
16:31:48.0209 1676  Product type: Workstation
16:31:48.0209 1676  ComputerName: DOWNBOY-PC
16:31:48.0209 1676  UserName: Robert
16:31:48.0209 1676  Windows directory: C:\Windows
16:31:48.0209 1676  System windows directory: C:\Windows
16:31:48.0209 1676  Running under WOW64
16:31:48.0209 1676  Processor architecture: Intel x64
16:31:48.0209 1676  Number of processors: 8
16:31:48.0209 1676  Page size: 0x1000
16:31:48.0209 1676  Boot type: Normal boot
16:31:48.0209 1676  ============================================================
16:31:49.0022 1676  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:31:49.0025 1676  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:31:49.0026 1676  ============================================================
16:31:49.0026 1676  \Device\Harddisk0\DR0:
16:31:49.0027 1676  MBR partitions:
16:31:49.0027 1676  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:31:49.0027 1676  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E815800
16:31:49.0027 1676  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E848000, BlocksNum 0x55EBE000
16:31:49.0027 1676  \Device\Harddisk1\DR1:
16:31:49.0027 1676  MBR partitions:
16:31:49.0027 1676  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
16:31:49.0027 1676  ============================================================
16:31:49.0051 1676  C: <-> \Device\Harddisk0\DR0\Partition2
16:31:49.0083 1676  D: <-> \Device\Harddisk0\DR0\Partition3
16:31:49.0522 1676  H: <-> \Device\Harddisk1\DR1\Partition1
16:31:49.0522 1676  ============================================================
16:31:49.0522 1676  Initialize success
16:31:49.0522 1676  ============================================================
16:31:56.0617 0940  ============================================================
16:31:56.0617 0940  Scan started
16:31:56.0617 0940  Mode: Manual;
16:31:56.0617 0940  ============================================================
16:31:57.0415 0940  ================ Scan system memory ========================
16:31:57.0415 0940  System memory - ok
16:31:57.0416 0940  ================ Scan services =============================
16:31:57.0522 0940  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:31:57.0525 0940  1394ohci - ok
16:31:57.0539 0940  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:31:57.0543 0940  ACPI - ok
16:31:57.0557 0940  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
16:31:57.0557 0940  AcpiPmi - ok
16:31:57.0651 0940  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:31:57.0655 0940  AdobeFlashPlayerUpdateSvc - ok
16:31:57.0675 0940  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:31:57.0681 0940  adp94xx - ok
16:31:57.0694 0940  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:31:57.0699 0940  adpahci - ok
16:31:57.0704 0940  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:31:57.0707 0940  adpu320 - ok
16:31:57.0728 0940  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:31:57.0729 0940  AeLookupSvc - ok
16:31:57.0765 0940  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
16:31:57.0770 0940  AFD - ok
16:31:57.0786 0940  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:31:57.0787 0940  agp440 - ok
16:31:57.0807 0940  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
16:31:57.0808 0940  ALG - ok
16:31:57.0812 0940  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:31:57.0812 0940  aliide - ok
16:31:57.0816 0940  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:31:57.0816 0940  amdide - ok
16:31:57.0821 0940  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:31:57.0822 0940  AmdK8 - ok
16:31:57.0826 0940  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:31:57.0828 0940  AmdPPM - ok
16:31:57.0860 0940  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:31:57.0861 0940  amdsata - ok
16:31:57.0877 0940  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:31:57.0880 0940  amdsbs - ok
16:31:57.0895 0940  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:31:57.0895 0940  amdxata - ok
16:31:57.0908 0940  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
16:31:57.0909 0940  AppID - ok
16:31:57.0927 0940  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:31:57.0928 0940  AppIDSvc - ok
16:31:57.0941 0940  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
16:31:57.0943 0940  Appinfo - ok
16:31:58.0005 0940  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:31:58.0006 0940  Apple Mobile Device - ok
16:31:58.0011 0940  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
16:31:58.0012 0940  arc - ok
16:31:58.0028 0940  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:31:58.0030 0940  arcsas - ok
16:31:58.0059 0940  [ E1E75921E9EB025009696D4837F531FB ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
16:31:58.0061 0940  asmthub3 - ok
16:31:58.0075 0940  [ B0CF9AB16006B61634D4F955345CA5D2 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
16:31:58.0078 0940  asmtxhci - ok
16:31:58.0096 0940  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:31:58.0096 0940  AsyncMac - ok
16:31:58.0105 0940  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
16:31:58.0105 0940  atapi - ok
16:31:58.0129 0940  [ AAAE03F8EDA817EC28C5445193EA8BF3 ] AthBTPort      C:\Windows\system32\DRIVERS\btath_flt.sys
16:31:58.0130 0940  AthBTPort - ok
16:31:58.0134 0940  [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
16:31:58.0135 0940  ATHDFU - ok
16:31:58.0165 0940  [ C34B28D6285EAD94B3A2FABA84E90DA5 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:31:58.0167 0940  AtherosSvc - ok
16:31:58.0187 0940  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:31:58.0195 0940  AudioEndpointBuilder - ok
16:31:58.0206 0940  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:31:58.0211 0940  AudioSrv - ok
16:31:58.0270 0940  [ F1CA8ED683D6945EFDC4492AB60B1460 ] AVP            C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
16:31:58.0272 0940  AVP - ok
16:31:58.0293 0940  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:31:58.0295 0940  AxInstSV - ok
16:31:58.0326 0940  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
16:31:58.0332 0940  b06bdrv - ok
16:31:58.0351 0940  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:31:58.0355 0940  b57nd60a - ok
16:31:58.0384 0940  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:31:58.0385 0940  BDESVC - ok
16:31:58.0409 0940  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:31:58.0409 0940  Beep - ok
16:31:58.0435 0940  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
16:31:58.0443 0940  BFE - ok
16:31:58.0471 0940  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:31:58.0482 0940  BITS - ok
16:31:58.0495 0940  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:31:58.0496 0940  blbdrive - ok
16:31:58.0519 0940  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:31:58.0524 0940  Bonjour Service - ok
16:31:58.0548 0940  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:31:58.0549 0940  bowser - ok
16:31:58.0558 0940  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:31:58.0559 0940  BrFiltLo - ok
16:31:58.0562 0940  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:31:58.0563 0940  BrFiltUp - ok
16:31:58.0595 0940  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
16:31:58.0597 0940  Browser - ok
16:31:58.0616 0940  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
16:31:58.0619 0940  Brserid - ok
16:31:58.0623 0940  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:31:58.0624 0940  BrSerWdm - ok
16:31:58.0627 0940  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:31:58.0628 0940  BrUsbMdm - ok
16:31:58.0631 0940  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:31:58.0632 0940  BrUsbSer - ok
16:31:58.0646 0940  [ 3B1B573371B206D1D5F25E0EF5FCD6D6 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
16:31:58.0649 0940  BTATH_A2DP - ok
16:31:58.0670 0940  [ 2D0446336D9DB55A742B999EC16ADF15 ] BTATH_BUS      C:\Windows\system32\DRIVERS\btath_bus.sys
16:31:58.0671 0940  BTATH_BUS - ok
16:31:58.0685 0940  [ 9A9694BBEB2849EAF95DFFCAE5DF02AD ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:31:58.0687 0940  BTATH_HCRP - ok
16:31:58.0695 0940  [ FC0A8075DDF2E9C66267AEC91E0676F9 ] BTATH_LWFLT    C:\Windows\system32\DRIVERS\btath_lwflt.sys
16:31:58.0696 0940  BTATH_LWFLT - ok
16:31:58.0704 0940  [ 5EB4815CBDDBA4541F2380DAE6E269AB ] BTATH_RCP      C:\Windows\system32\DRIVERS\btath_rcp.sys
16:31:58.0705 0940  BTATH_RCP - ok
16:31:58.0721 0940  [ 0ECEDE7B33CFD9A52A61220ABBD09A50 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
16:31:58.0723 0940  BtFilter - ok
16:31:58.0766 0940  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
16:31:58.0768 0940  BthEnum - ok
16:31:58.0772 0940  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:31:58.0773 0940  BTHMODEM - ok
16:31:58.0793 0940  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:31:58.0795 0940  BthPan - ok
16:31:58.0834 0940  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
16:31:58.0840 0940  BTHPORT - ok
16:31:58.0874 0940  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
16:31:58.0875 0940  bthserv - ok
16:31:58.0897 0940  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:31:58.0898 0940  BTHUSB - ok
16:31:58.0969 0940  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:31:58.0991 0940  cdfs - ok
16:31:59.0010 0940  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:31:59.0012 0940  cdrom - ok
16:31:59.0041 0940  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
16:31:59.0043 0940  CertPropSvc - ok
16:31:59.0046 0940  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:31:59.0048 0940  circlass - ok
16:31:59.0064 0940  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:31:59.0068 0940  CLFS - ok
16:31:59.0128 0940  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:59.0129 0940  clr_optimization_v2.0.50727_32 - ok
16:31:59.0171 0940  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:31:59.0173 0940  clr_optimization_v2.0.50727_64 - ok
16:31:59.0237 0940  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:31:59.0239 0940  clr_optimization_v4.0.30319_32 - ok
16:31:59.0260 0940  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:31:59.0262 0940  clr_optimization_v4.0.30319_64 - ok
16:31:59.0281 0940  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:31:59.0282 0940  CmBatt - ok
16:31:59.0286 0940  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:31:59.0287 0940  cmdide - ok
16:31:59.0325 0940  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
16:31:59.0330 0940  CNG - ok
16:31:59.0339 0940  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:31:59.0340 0940  Compbatt - ok
16:31:59.0375 0940  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:31:59.0376 0940  CompositeBus - ok
16:31:59.0386 0940  COMSysApp - ok
16:31:59.0398 0940  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:31:59.0398 0940  crcdisk - ok
16:31:59.0433 0940  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:31:59.0436 0940  CryptSvc - ok
16:31:59.0525 0940  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:31:59.0531 0940  cvhsvc - ok
16:31:59.0559 0940  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:31:59.0588 0940  DcomLaunch - ok
16:31:59.0611 0940  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
16:31:59.0616 0940  defragsvc - ok
16:31:59.0626 0940  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:31:59.0627 0940  DfsC - ok
16:31:59.0659 0940  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:31:59.0664 0940  Dhcp - ok
16:31:59.0674 0940  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:31:59.0675 0940  discache - ok
16:31:59.0697 0940  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:31:59.0699 0940  Disk - ok
16:31:59.0721 0940  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:31:59.0725 0940  Dnscache - ok
16:31:59.0748 0940  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:31:59.0752 0940  dot3svc - ok
16:31:59.0774 0940  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
16:31:59.0777 0940  DPS - ok
16:31:59.0801 0940  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:31:59.0801 0940  drmkaud - ok
16:31:59.0818 0940  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:31:59.0820 0940  dtsoftbus01 - ok
16:31:59.0843 0940  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:31:59.0850 0940  DXGKrnl - ok
16:31:59.0870 0940  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
16:31:59.0872 0940  EapHost - ok
16:31:59.0933 0940  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
16:31:59.0970 0940  ebdrv - ok
16:32:00.0000 0940  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
16:32:00.0002 0940  EFS - ok
16:32:00.0046 0940  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:32:00.0055 0940  ehRecvr - ok
16:32:00.0063 0940  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
16:32:00.0065 0940  ehSched - ok
16:32:00.0093 0940  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:32:00.0099 0940  elxstor - ok
16:32:00.0110 0940  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:32:00.0111 0940  ErrDev - ok
16:32:00.0128 0940  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
16:32:00.0132 0940  EventSystem - ok
16:32:00.0146 0940  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
16:32:00.0148 0940  exfat - ok
16:32:00.0164 0940  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:32:00.0167 0940  fastfat - ok
16:32:00.0201 0940  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
16:32:00.0210 0940  Fax - ok
16:32:00.0214 0940  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
16:32:00.0215 0940  fdc - ok
16:32:00.0223 0940  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:32:00.0224 0940  fdPHost - ok
16:32:00.0228 0940  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:32:00.0229 0940  FDResPub - ok
16:32:00.0259 0940  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:32:00.0260 0940  FileInfo - ok
16:32:00.0276 0940  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:32:00.0277 0940  Filetrace - ok
16:32:00.0287 0940  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:32:00.0288 0940  flpydisk - ok
16:32:00.0306 0940  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:32:00.0310 0940  FltMgr - ok
16:32:00.0346 0940  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
16:32:00.0360 0940  FontCache - ok
16:32:00.0399 0940  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:32:00.0401 0940  FontCache3.0.0.0 - ok
16:32:00.0416 0940  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:32:00.0418 0940  FsDepends - ok
16:32:00.0450 0940  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:32:00.0451 0940  Fs_Rec - ok
16:32:00.0475 0940  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:32:00.0478 0940  fvevol - ok
16:32:00.0493 0940  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:32:00.0495 0940  gagp30kx - ok
16:32:00.0534 0940  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:32:00.0535 0940  GEARAspiWDM - ok
16:32:00.0566 0940  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
16:32:00.0576 0940  gpsvc - ok
16:32:00.0591 0940  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:32:00.0592 0940  hcw85cir - ok
16:32:00.0622 0940  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:32:00.0626 0940  HdAudAddService - ok
16:32:00.0662 0940  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:32:00.0664 0940  HDAudBus - ok
16:32:00.0684 0940  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
16:32:00.0684 0940  HidBatt - ok
16:32:00.0690 0940  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:32:00.0691 0940  HidBth - ok
16:32:00.0708 0940  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
16:32:00.0709 0940  HidIr - ok
16:32:00.0732 0940  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
16:32:00.0734 0940  hidserv - ok
16:32:00.0754 0940  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:32:00.0756 0940  HidUsb - ok
16:32:00.0788 0940  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:32:00.0791 0940  hkmsvc - ok
16:32:00.0807 0940  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:32:00.0811 0940  HomeGroupListener - ok
16:32:00.0830 0940  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:32:00.0834 0940  HomeGroupProvider - ok
16:32:00.0850 0940  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:32:00.0852 0940  HpSAMD - ok
16:32:00.0875 0940  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:32:00.0884 0940  HTTP - ok
16:32:00.0892 0940  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:32:00.0893 0940  hwpolicy - ok
16:32:00.0913 0940  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:32:00.0915 0940  i8042prt - ok
16:32:00.0935 0940  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:32:00.0941 0940  iaStorV - ok
16:32:00.0969 0940  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:32:00.0980 0940  idsvc - ok
16:32:00.0992 0940  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:32:00.0994 0940  iirsp - ok
16:32:01.0027 0940  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:32:01.0037 0940  IKEEXT - ok
16:32:01.0107 0940  [ DAB7318CCFA8081200D5B7B486793F74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:32:01.0124 0940  IntcAzAudAddService - ok
16:32:01.0126 0940  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:32:01.0126 0940  intelide - ok
16:32:01.0131 0940  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:32:01.0132 0940  intelppm - ok
16:32:01.0146 0940  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:32:01.0148 0940  IPBusEnum - ok
16:32:01.0150 0940  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:32:01.0151 0940  IpFilterDriver - ok
16:32:01.0197 0940  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:32:01.0204 0940  iphlpsvc - ok
16:32:01.0208 0940  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
16:32:01.0210 0940  IPMIDRV - ok
16:32:01.0221 0940  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:32:01.0223 0940  IPNAT - ok
16:32:01.0262 0940  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:32:01.0272 0940  iPod Service - ok
16:32:01.0284 0940  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:32:01.0285 0940  IRENUM - ok
16:32:01.0288 0940  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:32:01.0288 0940  isapnp - ok
16:32:01.0305 0940  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:32:01.0307 0940  iScsiPrt - ok
16:32:01.0319 0940  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:32:01.0320 0940  kbdclass - ok
16:32:01.0336 0940  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:32:01.0337 0940  kbdhid - ok
16:32:01.0350 0940  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:32:01.0351 0940  KeyIso - ok
16:32:01.0407 0940  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1            C:\Windows\system32\DRIVERS\kl1.sys
16:32:01.0412 0940  kl1 - ok
16:32:01.0471 0940  [ 8191BB24F61EBCAF84719993C7F7B5C6 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
16:32:01.0476 0940  KLIF - ok
16:32:01.0510 0940  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6          C:\Windows\system32\DRIVERS\klim6.sys
16:32:01.0510 0940  KLIM6 - ok
16:32:01.0522 0940  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
16:32:01.0523 0940  klkbdflt - ok
16:32:01.0534 0940  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
16:32:01.0535 0940  klmouflt - ok
16:32:01.0541 0940  [ FFC0501A1EA742406F1904A0CFE3BFE2 ] kltdi          C:\Windows\system32\DRIVERS\kltdi.sys
16:32:01.0542 0940  kltdi - ok
16:32:01.0559 0940  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps          C:\Windows\system32\DRIVERS\kneps.sys
16:32:01.0561 0940  kneps - ok
16:32:01.0590 0940  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:32:01.0591 0940  KSecDD - ok
16:32:01.0627 0940  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:32:01.0629 0940  KSecPkg - ok
16:32:01.0642 0940  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
16:32:01.0643 0940  ksthunk - ok
16:32:01.0663 0940  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:32:01.0669 0940  KtmRm - ok
16:32:01.0690 0940  [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
16:32:01.0694 0940  LADF_CaptureOnly - ok
16:32:01.0709 0940  [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
16:32:01.0712 0940  LADF_RenderOnly - ok
16:32:01.0741 0940  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:32:01.0746 0940  LanmanServer - ok
16:32:01.0755 0940  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:32:01.0758 0940  LanmanWorkstation - ok
16:32:01.0852 0940  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ        C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:32:01.0857 0940  LBTServ - ok
16:32:01.0886 0940  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum      C:\Windows\system32\drivers\LGBusEnum.sys
16:32:01.0887 0940  LGBusEnum - ok
16:32:01.0914 0940  [ F705A641C18DF31B48B5DBDA94B425E4 ] LGPBTDD        C:\Windows\system32\Drivers\LGPBTDD.sys
16:32:01.0915 0940  LGPBTDD - ok
16:32:01.0934 0940  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
16:32:01.0934 0940  LGVirHid - ok
16:32:01.0968 0940  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:32:01.0969 0940  LHidFilt - ok
16:32:01.0998 0940  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:32:01.0998 0940  lltdio - ok
16:32:02.0024 0940  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:32:02.0029 0940  lltdsvc - ok
16:32:02.0044 0940  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:32:02.0046 0940  lmhosts - ok
16:32:02.0079 0940  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:32:02.0080 0940  LMouFilt - ok
16:32:02.0093 0940  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:32:02.0094 0940  LSI_FC - ok
16:32:02.0097 0940  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:32:02.0098 0940  LSI_SAS - ok
16:32:02.0103 0940  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:32:02.0105 0940  LSI_SAS2 - ok
16:32:02.0113 0940  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:32:02.0114 0940  LSI_SCSI - ok
16:32:02.0129 0940  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
16:32:02.0130 0940  luafv - ok
16:32:02.0183 0940  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
16:32:02.0184 0940  MBAMProtector - ok
16:32:02.0233 0940  [ 43683E970F008C93C9429EF428147A54 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:32:02.0241 0940  MBAMService - ok
16:32:02.0260 0940  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:32:02.0262 0940  Mcx2Svc - ok
16:32:02.0266 0940  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
16:32:02.0267 0940  megasas - ok
16:32:02.0295 0940  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:32:02.0299 0940  MegaSR - ok
16:32:02.0323 0940  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:32:02.0324 0940  MEIx64 - ok
16:32:02.0334 0940  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
16:32:02.0336 0940  MMCSS - ok
16:32:02.0340 0940  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
16:32:02.0341 0940  Modem - ok
16:32:02.0362 0940  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:32:02.0362 0940  monitor - ok
16:32:02.0375 0940  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:32:02.0376 0940  mouclass - ok
16:32:02.0390 0940  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:32:02.0391 0940  mouhid - ok
16:32:02.0400 0940  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:32:02.0401 0940  mountmgr - ok
16:32:02.0424 0940  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:32:02.0426 0940  mpio - ok
16:32:02.0437 0940  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:32:02.0438 0940  mpsdrv - ok
16:32:02.0460 0940  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:32:02.0471 0940  MpsSvc - ok
16:32:02.0476 0940  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:32:02.0478 0940  MRxDAV - ok
16:32:02.0500 0940  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:32:02.0502 0940  mrxsmb - ok
16:32:02.0518 0940  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:32:02.0522 0940  mrxsmb10 - ok
16:32:02.0530 0940  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:32:02.0532 0940  mrxsmb20 - ok
16:32:02.0543 0940  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:32:02.0543 0940  msahci - ok
16:32:02.0557 0940  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:32:02.0559 0940  msdsm - ok
16:32:02.0571 0940  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
16:32:02.0574 0940  MSDTC - ok
16:32:02.0590 0940  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:32:02.0591 0940  Msfs - ok
16:32:02.0604 0940  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
16:32:02.0604 0940  mshidkmdf - ok
16:32:02.0617 0940  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:32:02.0618 0940  msisadrv - ok
16:32:02.0635 0940  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:32:02.0638 0940  MSiSCSI - ok
16:32:02.0642 0940  msiserver - ok
16:32:02.0657 0940  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:32:02.0657 0940  MSKSSRV - ok
16:32:02.0667 0940  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:32:02.0668 0940  MSPCLOCK - ok
16:32:02.0676 0940  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:32:02.0677 0940  MSPQM - ok
16:32:02.0708 0940  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:32:02.0712 0940  MsRPC - ok
16:32:02.0721 0940  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:32:02.0722 0940  mssmbios - ok
16:32:02.0744 0940  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:32:02.0745 0940  MSTEE - ok
16:32:02.0759 0940  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:32:02.0760 0940  MTConfig - ok
16:32:02.0770 0940  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
16:32:02.0771 0940  Mup - ok
16:32:02.0795 0940  [ 38B4C95E821528FB91DF16A78E04450F ] mv91xx          C:\Windows\system32\DRIVERS\mv91xx.sys
16:32:02.0799 0940  mv91xx - ok
16:32:02.0825 0940  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:32:02.0832 0940  napagent - ok
16:32:02.0855 0940  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:32:02.0859 0940  NativeWifiP - ok
16:32:02.0899 0940  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:32:02.0910 0940  NDIS - ok
16:32:02.0931 0940  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
16:32:02.0932 0940  NdisCap - ok
16:32:02.0945 0940  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:32:02.0946 0940  NdisTapi - ok
16:32:02.0956 0940  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:32:02.0957 0940  Ndisuio - ok
16:32:02.0968 0940  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:32:02.0970 0940  NdisWan - ok
16:32:02.0974 0940  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:32:02.0975 0940  NDProxy - ok
16:32:02.0985 0940  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:32:02.0986 0940  NetBIOS - ok
16:32:02.0997 0940  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
16:32:03.0001 0940  NetBT - ok
16:32:03.0014 0940  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:32:03.0015 0940  Netlogon - ok
16:32:03.0045 0940  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:32:03.0051 0940  Netman - ok
16:32:03.0060 0940  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:32:03.0067 0940  netprofm - ok
16:32:03.0088 0940  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:32:03.0090 0940  NetTcpPortSharing - ok
16:32:03.0109 0940  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:32:03.0110 0940  nfrd960 - ok
16:32:03.0132 0940  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:32:03.0138 0940  NlaSvc - ok
16:32:03.0167 0940  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:32:03.0168 0940  Npfs - ok
16:32:03.0187 0940  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
16:32:03.0189 0940  nsi - ok
16:32:03.0198 0940  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:32:03.0198 0940  nsiproxy - ok
16:32:03.0256 0940  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:32:03.0275 0940  Ntfs - ok
16:32:03.0284 0940  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:32:03.0284 0940  Null - ok
16:32:03.0321 0940  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
16:32:03.0323 0940  NVHDA - ok
16:32:03.0499 0940  [ C9FC4C5A7EBE09A40C7DC37C04542900 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:32:03.0539 0940  nvlddmkm - ok
16:32:03.0571 0940  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:32:03.0572 0940  nvraid - ok
16:32:03.0596 0940  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:32:03.0598 0940  nvstor - ok
16:32:03.0634 0940  [ 7056BD6DE1DBF6B8665038AF35D9E146 ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:32:03.0644 0940  nvsvc - ok
16:32:03.0691 0940  [ 1B6FA911436D227B24554C33BC68B774 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:32:03.0704 0940  nvUpdatusService - ok
16:32:03.0727 0940  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:32:03.0729 0940  nv_agp - ok
16:32:03.0740 0940  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:32:03.0741 0940  ohci1394 - ok
16:32:03.0795 0940  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:32:03.0797 0940  ose - ok
16:32:03.0891 0940  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:32:03.0935 0940  osppsvc - ok
16:32:03.0959 0940  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:32:03.0963 0940  p2pimsvc - ok
16:32:03.0975 0940  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:32:03.0982 0940  p2psvc - ok
16:32:04.0008 0940  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
16:32:04.0009 0940  Parport - ok
16:32:04.0036 0940  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:32:04.0037 0940  partmgr - ok
16:32:04.0049 0940  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:32:04.0053 0940  PcaSvc - ok
16:32:04.0066 0940  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
16:32:04.0069 0940  pci - ok
16:32:04.0076 0940  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:32:04.0077 0940  pciide - ok
16:32:04.0091 0940  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:32:04.0093 0940  pcmcia - ok
16:32:04.0107 0940  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
16:32:04.0108 0940  pcw - ok
16:32:04.0129 0940  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:32:04.0137 0940  PEAUTH - ok
16:32:04.0202 0940  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:32:04.0204 0940  PerfHost - ok
16:32:04.0242 0940  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
16:32:04.0254 0940  pla - ok
16:32:04.0283 0940  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:32:04.0288 0940  PlugPlay - ok
16:32:04.0329 0940  PnkBstrA - ok
16:32:04.0347 0940  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
16:32:04.0350 0940  PNRPAutoReg - ok
16:32:04.0357 0940  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
16:32:04.0361 0940  PNRPsvc - ok
16:32:04.0395 0940  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:32:04.0402 0940  PolicyAgent - ok
16:32:04.0431 0940  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
16:32:04.0435 0940  Power - ok
16:32:04.0479 0940  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:32:04.0481 0940  PptpMiniport - ok
16:32:04.0492 0940  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
16:32:04.0494 0940  Processor - ok
16:32:04.0532 0940  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
16:32:04.0536 0940  ProfSvc - ok
16:32:04.0545 0940  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:32:04.0547 0940  ProtectedStorage - ok
16:32:04.0568 0940  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:32:04.0569 0940  Psched - ok
16:32:04.0607 0940  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:32:04.0625 0940  ql2300 - ok
16:32:04.0629 0940  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:32:04.0632 0940  ql40xx - ok
16:32:04.0639 0940  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
16:32:04.0642 0940  QWAVE - ok
16:32:04.0651 0940  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:32:04.0651 0940  QWAVEdrv - ok
16:32:04.0653 0940  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:32:04.0654 0940  RasAcd - ok
16:32:04.0674 0940  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
16:32:04.0675 0940  RasAgileVpn - ok
16:32:04.0695 0940  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
16:32:04.0698 0940  RasAuto - ok
16:32:04.0714 0940  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:32:04.0716 0940  Rasl2tp - ok
16:32:04.0737 0940  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:32:04.0743 0940  RasMan - ok
16:32:04.0757 0940  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:32:04.0759 0940  RasPppoe - ok
16:32:04.0768 0940  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:32:04.0770 0940  RasSstp - ok
16:32:04.0779 0940  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:32:04.0783 0940  rdbss - ok
16:32:04.0800 0940  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:32:04.0800 0940  rdpbus - ok
16:32:04.0822 0940  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:32:04.0822 0940  RDPCDD - ok
16:32:04.0830 0940  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:32:04.0831 0940  RDPENCDD - ok
16:32:04.0837 0940  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:32:04.0837 0940  RDPREFMP - ok
16:32:04.0869 0940  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:32:04.0871 0940  RDPWD - ok
16:32:04.0889 0940  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:32:04.0892 0940  rdyboost - ok
16:32:04.0918 0940  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:32:04.0920 0940  RemoteAccess - ok
16:32:04.0938 0940  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:32:04.0941 0940  RemoteRegistry - ok
16:32:04.0965 0940  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:32:04.0968 0940  RFCOMM - ok
16:32:04.0972 0940  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:32:04.0975 0940  RpcEptMapper - ok
16:32:04.0988 0940  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:32:04.0990 0940  RpcLocator - ok
16:32:05.0006 0940  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
16:32:05.0011 0940  RpcSs - ok
16:32:05.0025 0940  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:32:05.0026 0940  rspndr - ok
16:32:05.0046 0940  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
16:32:05.0050 0940  RTL8167 - ok
16:32:05.0053 0940  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
16:32:05.0054 0940  SamSs - ok
16:32:05.0065 0940  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:32:05.0066 0940  sbp2port - ok
16:32:05.0084 0940  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:32:05.0087 0940  SCardSvr - ok
16:32:05.0100 0940  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:32:05.0101 0940  scfilter - ok
16:32:05.0130 0940  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:32:05.0141 0940  Schedule - ok
16:32:05.0167 0940  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:32:05.0167 0940  SCPolicySvc - ok
16:32:05.0180 0940  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:32:05.0184 0940  SDRSVC - ok
16:32:05.0194 0940  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:32:05.0195 0940  secdrv - ok
16:32:05.0199 0940  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:32:05.0201 0940  seclogon - ok
16:32:05.0213 0940  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:32:05.0216 0940  SENS - ok
16:32:05.0231 0940  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:32:05.0233 0940  SensrSvc - ok
16:32:05.0256 0940  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:32:05.0257 0940  Serenum - ok
16:32:05.0272 0940  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:32:05.0274 0940  Serial - ok
16:32:05.0286 0940  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:32:05.0287 0940  sermouse - ok
16:32:05.0301 0940  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:32:05.0303 0940  SessionEnv - ok
16:32:05.0317 0940  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:32:05.0318 0940  sffdisk - ok
16:32:05.0320 0940  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:32:05.0321 0940  sffp_mmc - ok
16:32:05.0322 0940  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:32:05.0323 0940  sffp_sd - ok
16:32:05.0325 0940  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:32:05.0325 0940  sfloppy - ok
16:32:05.0368 0940  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
16:32:05.0371 0940  Sftfs - ok
16:32:05.0410 0940  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:32:05.0415 0940  sftlist - ok
16:32:05.0432 0940  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:32:05.0435 0940  Sftplay - ok
16:32:05.0450 0940  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:32:05.0451 0940  Sftredir - ok
16:32:05.0461 0940  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
16:32:05.0462 0940  Sftvol - ok
16:32:05.0478 0940  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:32:05.0481 0940  sftvsa - ok
16:32:05.0510 0940  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:32:05.0515 0940  SharedAccess - ok
16:32:05.0534 0940  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:32:05.0541 0940  ShellHWDetection - ok
16:32:05.0553 0940  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:32:05.0554 0940  SiSRaid2 - ok
16:32:05.0558 0940  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:32:05.0560 0940  SiSRaid4 - ok
16:32:05.0578 0940  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:32:05.0580 0940  Smb - ok
16:32:05.0608 0940  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:32:05.0610 0940  SNMPTRAP - ok
16:32:05.0777 0940  [ 37D91C6385BB1104D67925FC43800ED0 ] SNPSTD3        C:\Windows\system32\DRIVERS\snpstd3.sys
16:32:05.0856 0940  SNPSTD3 - ok
16:32:05.0870 0940  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
16:32:05.0871 0940  spldr - ok
16:32:05.0898 0940  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
16:32:05.0906 0940  Spooler - ok
16:32:05.0959 0940  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:32:05.0990 0940  sppsvc - ok
16:32:05.0998 0940  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
16:32:06.0000 0940  sppuinotify - ok
16:32:06.0021 0940  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:32:06.0025 0940  srv - ok
16:32:06.0041 0940  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:32:06.0045 0940  srv2 - ok
16:32:06.0054 0940  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:32:06.0056 0940  srvnet - ok
16:32:06.0082 0940  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:32:06.0085 0940  SSDPSRV - ok
16:32:06.0093 0940  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:32:06.0095 0940  SstpSvc - ok
16:32:06.0118 0940  Steam Client Service - ok
16:32:06.0208 0940  [ 88BD236A405DBC139E9DE278EF17A322 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:32:06.0212 0940  Stereo Service - ok
16:32:06.0230 0940  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:32:06.0231 0940  stexstor - ok
16:32:06.0270 0940  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:32:06.0279 0940  stisvc - ok
16:32:06.0306 0940  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:32:06.0307 0940  swenum - ok
16:32:06.0334 0940  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
16:32:06.0342 0940  swprv - ok
16:32:06.0386 0940  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
16:32:06.0405 0940  SysMain - ok
16:32:06.0419 0940  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:32:06.0421 0940  TabletInputService - ok
16:32:06.0438 0940  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:32:06.0442 0940  TapiSrv - ok
16:32:06.0456 0940  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
16:32:06.0458 0940  TBS - ok
16:32:06.0515 0940  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:32:06.0536 0940  Tcpip - ok
16:32:06.0569 0940  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:32:06.0582 0940  TCPIP6 - ok
16:32:06.0613 0940  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:32:06.0614 0940  tcpipreg - ok
16:32:06.0624 0940  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:32:06.0625 0940  TDPIPE - ok
16:32:06.0655 0940  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:32:06.0656 0940  TDTCP - ok
16:32:06.0666 0940  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:32:06.0668 0940  tdx - ok
16:32:06.0683 0940  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:32:06.0684 0940  TermDD - ok
16:32:06.0709 0940  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
16:32:06.0719 0940  TermService - ok
16:32:06.0732 0940  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:32:06.0734 0940  Themes - ok
16:32:06.0738 0940  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
16:32:06.0739 0940  THREADORDER - ok
16:32:06.0747 0940  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:32:06.0749 0940  TrkWks - ok
16:32:06.0776 0940  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:32:06.0778 0940  TrustedInstaller - ok
16:32:06.0791 0940  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:32:06.0792 0940  tssecsrv - ok
16:32:06.0811 0940  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:32:06.0812 0940  TsUsbFlt - ok
16:32:06.0826 0940  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
16:32:06.0827 0940  TsUsbGD - ok
16:32:06.0856 0940  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:32:06.0859 0940  tunnel - ok
16:32:06.0871 0940  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:32:06.0873 0940  uagp35 - ok
16:32:06.0885 0940  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:32:06.0890 0940  udfs - ok
16:32:06.0907 0940  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:32:06.0910 0940  UI0Detect - ok
16:32:06.0926 0940  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:32:06.0927 0940  uliagpkx - ok
16:32:06.0943 0940  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
16:32:06.0944 0940  umbus - ok
16:32:06.0952 0940  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:32:06.0953 0940  UmPass - ok
16:32:06.0971 0940  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:32:06.0976 0940  upnphost - ok
16:32:07.0009 0940  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
16:32:07.0010 0940  USBAAPL64 - ok
16:32:07.0036 0940  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:32:07.0037 0940  usbaudio - ok
16:32:07.0065 0940  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:32:07.0066 0940  usbccgp - ok
16:32:07.0088 0940  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:32:07.0089 0940  usbcir - ok
16:32:07.0104 0940  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
16:32:07.0105 0940  usbehci - ok
16:32:07.0115 0940  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:32:07.0119 0940  usbhub - ok
16:32:07.0130 0940  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
16:32:07.0131 0940  usbohci - ok
16:32:07.0147 0940  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:32:07.0148 0940  usbprint - ok
16:32:07.0163 0940  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:32:07.0164 0940  USBSTOR - ok
16:32:07.0179 0940  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
16:32:07.0180 0940  usbuhci - ok
16:32:07.0228 0940  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:32:07.0230 0940  usbvideo - ok
16:32:07.0251 0940  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
16:32:07.0253 0940  UxSms - ok
16:32:07.0261 0940  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:32:07.0262 0940  VaultSvc - ok
16:32:07.0284 0940  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:32:07.0284 0940  vdrvroot - ok
16:32:07.0301 0940  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
16:32:07.0307 0940  vds - ok
16:32:07.0319 0940  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:32:07.0319 0940  vga - ok
16:32:07.0331 0940  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:32:07.0332 0940  VgaSave - ok
16:32:07.0348 0940  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
16:32:07.0351 0940  vhdmp - ok
16:32:07.0353 0940  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:32:07.0353 0940  viaide - ok
16:32:07.0368 0940  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:32:07.0369 0940  volmgr - ok
16:32:07.0382 0940  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:32:07.0386 0940  volmgrx - ok
16:32:07.0398 0940  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:32:07.0401 0940  volsnap - ok
16:32:07.0421 0940  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:32:07.0424 0940  vsmraid - ok
16:32:07.0455 0940  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
16:32:07.0469 0940  VSS - ok
16:32:07.0476 0940  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:32:07.0476 0940  vwifibus - ok
16:32:07.0501 0940  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
16:32:07.0505 0940  W32Time - ok
16:32:07.0519 0940  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:32:07.0520 0940  WacomPen - ok
16:32:07.0539 0940  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:32:07.0540 0940  WANARP - ok
16:32:07.0543 0940  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:32:07.0544 0940  Wanarpv6 - ok
16:32:07.0577 0940  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:32:07.0597 0940  wbengine - ok
16:32:07.0616 0940  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:32:07.0619 0940  WbioSrvc - ok
16:32:07.0635 0940  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:32:07.0641 0940  wcncsvc - ok
16:32:07.0652 0940  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:32:07.0655 0940  WcsPlugInService - ok
16:32:07.0669 0940  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:32:07.0670 0940  Wd - ok
16:32:07.0710 0940  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:32:07.0719 0940  Wdf01000 - ok
16:32:07.0728 0940  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:32:07.0732 0940  WdiServiceHost - ok
16:32:07.0735 0940  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:32:07.0738 0940  WdiSystemHost - ok
16:32:07.0754 0940  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
16:32:07.0759 0940  WebClient - ok
16:32:07.0772 0940  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:32:07.0777 0940  Wecsvc - ok
16:32:07.0794 0940  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:32:07.0797 0940  wercplsupport - ok
16:32:07.0821 0940  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:32:07.0823 0940  WerSvc - ok
16:32:07.0826 0940  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:32:07.0826 0940  WfpLwf - ok
16:32:07.0834 0940  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:32:07.0834 0940  WIMMount - ok
16:32:07.0843 0940  WinDefend - ok
16:32:07.0846 0940  WinHttpAutoProxySvc - ok
16:32:07.0882 0940  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:32:07.0885 0940  Winmgmt - ok
16:32:07.0932 0940  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
16:32:07.0951 0940  WinRM - ok
16:32:07.0983 0940  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:32:07.0983 0940  WinUsb - ok
16:32:08.0000 0940  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:32:08.0009 0940  Wlansvc - ok
16:32:08.0017 0940  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
16:32:08.0018 0940  WmiAcpi - ok
16:32:08.0026 0940  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:32:08.0028 0940  wmiApSrv - ok
16:32:08.0042 0940  WMPNetworkSvc - ok
16:32:08.0053 0940  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:32:08.0055 0940  WPCSvc - ok
16:32:08.0067 0940  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:32:08.0070 0940  WPDBusEnum - ok
16:32:08.0091 0940  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:32:08.0092 0940  ws2ifsl - ok
16:32:08.0113 0940  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:32:08.0117 0940  wscsvc - ok
16:32:08.0120 0940  WSearch - ok
16:32:08.0186 0940  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:32:08.0209 0940  wuauserv - ok
16:32:08.0233 0940  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:32:08.0234 0940  WudfPf - ok
16:32:08.0247 0940  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:32:08.0249 0940  WUDFRd - ok
16:32:08.0282 0940  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:32:08.0286 0940  wudfsvc - ok
16:32:08.0312 0940  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:32:08.0317 0940  WwanSvc - ok
16:32:08.0349 0940  ================ Scan global ===============================
16:32:08.0367 0940  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:32:08.0398 0940  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:32:08.0407 0940  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:32:08.0429 0940  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:32:08.0448 0940  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:32:08.0454 0940  [Global] - ok
16:32:08.0454 0940  ================ Scan MBR ==================================
16:32:08.0462 0940  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:32:08.0579 0940  \Device\Harddisk0\DR0 - ok
16:32:08.0583 0940  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:32:08.0587 0940  \Device\Harddisk1\DR1 - ok
16:32:08.0588 0940  ================ Scan VBR ==================================
16:32:08.0590 0940  [ 63D554AA84DCFB8C502C4C6D5AC642A8 ] \Device\Harddisk0\DR0\Partition1
16:32:08.0591 0940  \Device\Harddisk0\DR0\Partition1 - ok
16:32:08.0603 0940  [ 11DAF74E46DDB0CAE3F624EA555779DA ] \Device\Harddisk0\DR0\Partition2
16:32:08.0604 0940  \Device\Harddisk0\DR0\Partition2 - ok
16:32:08.0624 0940  [ F1FC699FCE3CE40C00F7946294EF2A62 ] \Device\Harddisk0\DR0\Partition3
16:32:08.0626 0940  \Device\Harddisk0\DR0\Partition3 - ok
16:32:08.0629 0940  [ D62F7E1F5A71D5E4F39D3E8DBDD0BA15 ] \Device\Harddisk1\DR1\Partition1
16:32:08.0631 0940  \Device\Harddisk1\DR1\Partition1 - ok
16:32:08.0631 0940  ============================================================
16:32:08.0631 0940  Scan finished
16:32:08.0632 0940  ============================================================
16:32:08.0641 4976  Detected object count: 0
16:32:08.0641 4976  Actual detected object count: 0
16:32:41.0195 3736  Deinitialize success

Psychotic 03.01.2013 17:07
Combofix


Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hogrebe05 03.01.2013 19:50
Guten Abend,
hier hab ich jetzt auch das Combofix ergebniss
Code:
ComboFix 13-01-03.05 - Robert 03.01.2013  19:40:59.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8169.6586 [GMT 1:00]
ausgeführt von:: c:\users\Robert\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\firefox.exe
C:\nspr4.dll
C:\nss3.dll
C:\plc4.dll
C:\plds4.dll
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\lsass.exe
c:\programdata\nud0repor.pad
C:\softokn3.dll
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\users\Robert\War_Rock_10182011_G1_Xfire.exe.downloading
c:\users\Robert\wgsdgsdgdsgsd.exe
c:\windows\SysWow64\tmp202D.tmp
c:\windows\SysWow64\tmp203E.tmp
c:\windows\SysWow64\tmpE6C6.tmp
c:\windows\SysWow64\tmpE6C7.tmp
c:\windows\SysWow64\tmpF527.tmp
c:\windows\SysWow64\tmpF528.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 18:45 . 2013-01-03 18:45        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-01-03 18:45 . 2013-01-03 18:45        --------        d-----w-        c:\users\Downboy\AppData\Local\temp
2013-01-03 18:45 . 2013-01-03 18:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-01 11:33 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A810AB41-C49B-447C-A60E-ED1C56F64E9A}\mpengine.dll
2012-12-27 12:24 . 2012-12-27 12:24        2914        ----a-w-        c:\programdata\dsgsdgdsgdsgw.js
2012-12-27 09:45 . 2012-12-27 09:45        --------        d-----w-        c:\users\Robert\AppData\Local\Macromedia
2012-12-27 09:24 . 2012-12-27 10:01        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-20 20:35 . 2012-12-16 17:11        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-20 20:35 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-20 20:35 . 2012-12-16 14:45        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-20 20:35 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-14 14:56 . 2012-12-14 14:56        --------        d-----w-        c:\users\Robert\AppData\Local\My Games
2012-12-14 14:41 . 2012-12-14 15:11        --------        d-----w-        c:\users\Robert\AppData\Local\Ubisoft Game Launcher
2012-12-14 14:24 . 2012-12-14 14:32        --------        d-----w-        c:\program files (x86)\Ubisoft
2012-12-13 16:49 . 2012-11-09 05:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-12-13 16:48 . 2012-11-02 05:59        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-12-13 16:48 . 2012-11-02 05:11        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-12-13 16:46 . 2012-12-14 07:17        --------        d-----w-        c:\users\Robert\AppData\Roaming\GetRightToGo
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-28 17:17 . 2011-10-28 17:26        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-12-28 17:17 . 2011-10-28 15:09        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-12-27 10:01 . 2011-10-28 15:55        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-15 09:29 . 2011-10-28 15:09        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 14:32 . 2011-10-28 15:09        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-12-13 18:28 . 2011-10-17 12:47        67413224        ----a-w-        c:\windows\system32\MRT.exe
2012-12-02 14:42 . 2012-12-02 14:42        53248        ----a-r-        c:\users\Robert\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-02 14:41 . 2012-12-02 14:41        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-11-22 09:13 . 2012-12-03 17:57        9271352        ----a-w-        c:\windows\system32\nvcuda.dll
2012-11-22 09:13 . 2012-12-03 17:57        841272        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2012-11-22 09:13 . 2012-12-03 17:57        7819016        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-11-22 09:13 . 2012-12-03 17:57        7446192        ----a-w-        c:\windows\system32\nvopencl.dll
2012-11-22 09:13 . 2012-12-03 17:57        6149904        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2012-11-22 09:13 . 2012-12-03 17:57        2784104        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-11-22 09:13 . 2012-12-03 17:57        2606440        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-11-22 09:13 . 2012-12-03 17:57        25256296        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-11-22 09:13 . 2012-12-03 17:57        245432        ----a-w-        c:\windows\system32\nvinitx.dll
2012-11-22 09:13 . 2012-12-03 17:57        2226024        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-11-22 09:13 . 2012-12-03 17:57        20335976        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-11-22 09:13 . 2012-12-03 17:57        201136        ----a-w-        c:\windows\SysWow64\nvinit.dll
2012-11-22 09:13 . 2012-12-03 17:57        1874280        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-11-22 09:13 . 2012-12-03 17:57        18045968        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-11-22 09:13 . 2012-12-03 17:57        17559912        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-11-22 09:13 . 2012-12-03 17:57        11527528        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-11-22 09:13 . 2012-10-10 20:23        1504104        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-11-22 09:13 . 2012-10-10 20:23        2816824        ----a-w-        c:\windows\system32\nvapi64.dll
2012-11-22 09:13 . 2012-10-10 20:23        983936        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-11-22 09:13 . 2012-10-10 20:23        14990512        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-11-22 09:13 . 2012-10-10 20:23        12578728        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-11-22 09:13 . 2012-10-10 20:22        2496976        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-11-22 09:13 . 2012-10-10 20:22        26811240        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-11-22 09:13 . 2012-10-10 20:22        15122280        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-11-22 09:13 . 2011-10-17 16:47        1805672        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-11-22 05:17 . 2012-11-18 10:57        3635277        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-11-22 05:17 . 2011-10-17 16:47        63336        ----a-w-        c:\windows\system32\nvshext.dll
2012-11-22 05:17 . 2011-10-17 16:47        890216        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-11-22 05:17 . 2011-10-17 16:47        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-11-22 05:17 . 2011-10-17 16:47        118120        ----a-w-        c:\windows\system32\nvmctray.dll
2012-11-22 05:17 . 2011-10-17 16:47        3311464        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-11-22 05:17 . 2011-10-17 16:47        6223208        ----a-w-        c:\windows\system32\nvcpl.dll
2012-11-21 17:27 . 2012-11-21 17:27        438632        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-10-16 08:38 . 2012-11-28 17:01        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:01        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:01        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 06:14        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 06:14        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 06:14        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 06:14        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-12 283200]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-21 382824]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-01 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-01 29528]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-10-28 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-10-28 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-28 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2011-10-28 30728]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-28 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 10:01]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-27 12:52]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-27 12:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Mozilla Firefox 8.0.1 (x86 de) - c:\users\Robert\AppData\Local\Temp\7zS388D.tmp\uninstall\helper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-03  19:46:56
ComboFix-quarantined-files.txt  2013-01-03 18:46
.
Vor Suchlauf: 15 Verzeichnis(se), 89.376.333.824 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 91.614.347.264 Bytes frei
.
- - End Of File - - D0168CDEF11E8D5318CFFA6BEF8E9580

Psychotic 07.01.2013 07:17
Schritt 1: CF-Script



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
http://www.trojaner-board.de/128990-mehrfacher-befall-bka-trojaner-2.html#post983151

COLLECT::
c:\programdata\dsgsdgdsgdsgw.js
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.




Schritt 2: MBAM

  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Hogrebe05 07.01.2013 16:01
Hallo zusammen. Jetzt gibt es ein weiteres Problem. Habe das wie geschrieben mit combofix gemacht. Kann jetzt aber nix mehr öffnen. Das heißt wenn ich nen Explorer auf machen will kommt eine Fehlermeldung mit dem Pfad der Datei und dabei die Meldung. Es wurde versucht, einen Registrierungsschlussel einem unzulässigen Vorgang zu unterziehen, der zum löschen markiert wurde.

Was soll ich jetzt tun?
Lg

Psychotic 07.01.2013 16:16
Starte den Rechner neu. Dies sollte das Problem beheben!

Hogrebe05 07.01.2013 16:28
Also das hat wunderbar geklappt^^
einmal ComcoFix
Code:
ComboFix 13-01-06.01 - Robert 07.01.2013  15:44:51.3.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8169.6898 [GMT 1:00]
ausgeführt von:: c:\users\Robert\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Robert\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.js
c:\windows\isRS-000.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-07 bis 2013-01-07  ))))))))))))))))))))))))))))))
.
.
2013-01-07 14:50 . 2013-01-07 14:50        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-01-07 14:50 . 2013-01-07 14:50        --------        d-----w-        c:\users\Downboy\AppData\Local\temp
2013-01-07 14:50 . 2013-01-07 14:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-07 14:41 . 2013-01-07 14:41        --------        d-----w-        c:\users\Robert\AppData\Local\Programs
2013-01-04 15:19 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{846770FA-9B5D-472A-92DD-401366912E7C}\mpengine.dll
2012-12-27 09:45 . 2012-12-27 09:45        --------        d-----w-        c:\users\Robert\AppData\Local\Macromedia
2012-12-27 09:24 . 2012-12-27 10:01        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-20 20:35 . 2012-12-16 17:11        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-20 20:35 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-20 20:35 . 2012-12-16 14:45        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-20 20:35 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-14 14:56 . 2012-12-14 14:56        --------        d-----w-        c:\users\Robert\AppData\Local\My Games
2012-12-14 14:41 . 2012-12-14 15:11        --------        d-----w-        c:\users\Robert\AppData\Local\Ubisoft Game Launcher
2012-12-14 14:24 . 2012-12-14 14:32        --------        d-----w-        c:\program files (x86)\Ubisoft
2012-12-13 16:49 . 2012-11-09 05:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-12-13 16:48 . 2012-11-02 05:59        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-12-13 16:48 . 2012-11-02 05:11        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-12-13 16:46 . 2012-12-14 07:17        --------        d-----w-        c:\users\Robert\AppData\Roaming\GetRightToGo
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-28 17:17 . 2011-10-28 17:26        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-12-28 17:17 . 2011-10-28 15:09        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-12-27 10:01 . 2011-10-28 15:55        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-15 09:29 . 2011-10-28 15:09        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 15:49 . 2012-08-30 15:25        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-12-14 14:32 . 2011-10-28 15:09        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-12-13 18:28 . 2011-10-17 12:47        67413224        ----a-w-        c:\windows\system32\MRT.exe
2012-12-02 14:42 . 2012-12-02 14:42        53248        ----a-r-        c:\users\Robert\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-02 14:41 . 2012-12-02 14:41        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-11-22 09:13 . 2012-12-03 17:57        9271352        ----a-w-        c:\windows\system32\nvcuda.dll
2012-11-22 09:13 . 2012-12-03 17:57        841272        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2012-11-22 09:13 . 2012-12-03 17:57        7819016        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-11-22 09:13 . 2012-12-03 17:57        7446192        ----a-w-        c:\windows\system32\nvopencl.dll
2012-11-22 09:13 . 2012-12-03 17:57        6149904        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2012-11-22 09:13 . 2012-12-03 17:57        2784104        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-11-22 09:13 . 2012-12-03 17:57        2606440        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-11-22 09:13 . 2012-12-03 17:57        25256296        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-11-22 09:13 . 2012-12-03 17:57        245432        ----a-w-        c:\windows\system32\nvinitx.dll
2012-11-22 09:13 . 2012-12-03 17:57        2226024        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-11-22 09:13 . 2012-12-03 17:57        20335976        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-11-22 09:13 . 2012-12-03 17:57        201136        ----a-w-        c:\windows\SysWow64\nvinit.dll
2012-11-22 09:13 . 2012-12-03 17:57        1874280        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-11-22 09:13 . 2012-12-03 17:57        18045968        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-11-22 09:13 . 2012-12-03 17:57        17559912        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-11-22 09:13 . 2012-12-03 17:57        11527528        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-11-22 09:13 . 2012-10-10 20:23        1504104        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-11-22 09:13 . 2012-10-10 20:23        2816824        ----a-w-        c:\windows\system32\nvapi64.dll
2012-11-22 09:13 . 2012-10-10 20:23        983936        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-11-22 09:13 . 2012-10-10 20:23        14990512        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-11-22 09:13 . 2012-10-10 20:23        12578728        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-11-22 09:13 . 2012-10-10 20:22        2496976        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-11-22 09:13 . 2012-10-10 20:22        26811240        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-11-22 09:13 . 2012-10-10 20:22        15122280        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-11-22 09:13 . 2011-10-17 16:47        1805672        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-11-22 05:17 . 2012-11-18 10:57        3635277        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-11-22 05:17 . 2011-10-17 16:47        63336        ----a-w-        c:\windows\system32\nvshext.dll
2012-11-22 05:17 . 2011-10-17 16:47        890216        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-11-22 05:17 . 2011-10-17 16:47        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-11-22 05:17 . 2011-10-17 16:47        118120        ----a-w-        c:\windows\system32\nvmctray.dll
2012-11-22 05:17 . 2011-10-17 16:47        3311464        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-11-22 05:17 . 2011-10-17 16:47        6223208        ----a-w-        c:\windows\system32\nvcpl.dll
2012-11-21 17:27 . 2012-11-21 17:27        438632        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-10-16 08:38 . 2012-11-28 17:01        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:01        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:01        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 06:14        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 06:14        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 06:14        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 06:14        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-28 16008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-12 283200]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-21 382824]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-01 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-01 29528]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-10-28 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-10-28 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-28 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2011-10-28 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 10:01]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-27 12:52]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-27 12:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Mozilla Firefox 8.0.1 (x86 de) - c:\users\Robert\AppData\Local\Temp\7zS388D.tmp\uninstall\helper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-07  15:53:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-07 14:53
ComboFix2.txt  2013-01-07 14:38
ComboFix3.txt  2013-01-03 18:46
.
Vor Suchlauf: 18 Verzeichnis(se), 92.895.821.824 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 92.806.520.832 Bytes frei
.
- - End Of File - - EBAD1AD8008A740698F2C2BC831267D3
Hochladen war erfolgreich
und einmal Malwarebytes
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: DOWNBOY-PC [Administrator]

07.01.2013 16:24:37
mbam-log-2013-01-07 (16-24-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251892
Laufzeit: 1 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Psychotic 08.01.2013 07:39
Wie verhält sich der Rechner?

Hogrebe05 08.01.2013 13:51
Also ich hatte den Rechner gestern nicht mehr neu gestartet. Aber er hat sich vorher auch nicht besonders schlimm verhalten. Außer das beim starten immer eine kleine Fehlermeldung wegen einer wsdddssdsdsd.exe (oder so ähnlich) war. Werde es nachher direkt ausprobieren wenn ich nach Haus komme. Denke mal das wird so gegen 19 Uhr sein. Falls diese dann nicht mehr auftaucht denkst du das dann alles in Ordnung soweit ist?
Oder sollten wir noch einmal irgendetwas drüber laufen lassen?

Psychotic 08.01.2013 15:09
Das ist der Starteintrag des Trojaners...er selbst ist Geschichte, aber weil die Datei fehlt, motzt Windows. Kriegen wir hin...


OTL



Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Hogrebe05 08.01.2013 19:05
Also bin jetzt an dem PC und die Meldung kam nicht mehr!
Trotzdem hier die beiden OTL Files, denke mal ist besser wenn gemacht :)
OtL.TXT
Code:
OTL logfile created on: 08.01.2013 18:58:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,04 Gb Available Physical Memory | 75,66% Memory free
15,95 Gb Paging File | 13,85 Gb Available in Paging File | 86,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 86,38 Gb Free Space | 35,40% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 65,96 Gb Free Space | 9,60% Space Free | Partition Type: NTFS
Drive E: | 167,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DOWNBOY-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 A3 23 2D 2B E4 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.10.01 17:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.10.01 17:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.10.01 17:33:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.10.01 17:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.10.01 17:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Users\Robert\AppData\Local\Temp\7zS388D.tmp\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Users\Robert\AppData\Local\Temp\7zS388D.tmp\plugins
 
[2011.11.30 20:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2012.11.22 21:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\793hoo6h.default\extensions
[2012.11.22 21:22:57 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\firefox\profiles\793hoo6h.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Mail = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.01.07 15:51:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79960DC6-6B23-426B-BE58-1A8023912723}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 18:56:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.01.07 15:54:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.07 15:51:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.01.07 15:41:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Programs
[2013.01.07 15:28:38 | 005,019,184 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
[2013.01.03 19:39:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.03 19:39:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.03 19:39:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.03 19:39:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.03 19:38:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.03 16:31:30 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Robert\Desktop\tdsskiller.exe
[2013.01.03 16:17:36 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Robert\Desktop\aswMBR.exe
[2013.01.03 16:05:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.com
[2012.12.27 13:53:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.27 10:45:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Macromedia
[2012.12.27 10:24:34 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.20 21:35:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.20 21:35:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.20 21:35:30 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.20 21:35:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.14 15:56:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\My Games
[2012.12.14 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Ubisoft Game Launcher
[2012.12.14 15:32:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.12.14 15:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.12.13 19:27:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 19:27:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 19:27:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 19:27:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 19:27:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 19:27:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 19:27:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 19:27:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 19:27:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 19:27:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 19:27:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 19:27:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 19:27:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 19:27:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 19:27:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 17:49:02 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 17:49:02 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 17:49:02 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 17:49:02 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 17:49:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 17:49:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 17:49:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 17:49:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 17:49:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 17:49:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 17:49:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 17:49:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 17:49:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 17:49:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 17:49:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 17:49:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 17:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 17:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 17:49:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 17:49:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 17:49:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 17:49:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 17:49:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 17:49:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 17:49:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 17:48:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 17:48:56 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 17:46:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\GetRightToGo
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.08 18:59:57 | 001,105,404 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.08 18:59:57 | 000,748,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.08 18:59:57 | 000,270,274 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.08 18:59:57 | 000,232,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.08 18:59:57 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.08 18:56:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.01.08 18:54:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 18:54:00 | 2129,276,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.07 20:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.07 19:06:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001UA.job
[2013.01.07 16:31:26 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 16:31:26 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 15:51:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.07 15:41:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.07 15:28:11 | 005,019,184 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
[2013.01.03 16:31:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Robert\Desktop\tdsskiller.exe
[2013.01.03 16:17:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Robert\Desktop\aswMBR.exe
[2013.01.03 16:04:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.com
[2012.12.28 18:17:19 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.28 18:17:19 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.28 14:06:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001Core.job
[2012.12.27 13:53:21 | 000,002,361 | ---- | M] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
[2012.12.27 11:01:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.27 11:01:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.21 06:47:29 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.15 10:29:59 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.14 15:32:57 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.14 15:32:55 | 000,001,205 | ---- | M] () -- C:\Users\Robert\Desktop\Uplay.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.03 19:39:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.03 19:39:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.03 19:39:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.03 19:39:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.03 19:39:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.27 13:53:21 | 000,002,361 | ---- | C] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
[2012.12.27 13:52:22 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001UA.job
[2012.12.27 13:52:21 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2157812262-3232227552-3022356683-1001Core.job
[2012.12.27 10:24:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.14 15:32:55 | 000,001,205 | ---- | C] () -- C:\Users\Robert\Desktop\Uplay.lnk
[2012.08.06 16:43:49 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.15 18:38:58 | 000,010,495 | ---- | C] () -- C:\Users\Robert\Twelker_elster_2048.pfx
[2012.02.26 11:34:25 | 000,000,529 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\burnaware.ini
[2011.10.31 17:02:26 | 000,007,597 | ---- | C] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
[2011.10.28 16:09:37 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 16:09:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.17 17:18:34 | 000,038,437 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.10.17 16:18:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.17 16:18:21 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
OTL Extras
Code:
OTL Extras logfile created on: 08.01.2013 18:58:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,04 Gb Available Physical Memory | 75,66% Memory free
15,95 Gb Paging File | 13,85 Gb Available in Paging File | 86,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 86,38 Gb Free Space | 35,40% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 65,96 Gb Free Space | 9,60% Space Free | Partition Type: NTFS
Drive E: | 167,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DOWNBOY-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{47C9C5FA-4A3D-4094-A132-AAF76AE93B08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64A0B088-A6AA-4B70-B9F3-59D815604666}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{855256F5-6C61-4422-9334-3DA7793CA4E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F8C2558-70EE-4008-936B-627C80BB4451}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A14C8108-EF52-4055-9AE6-293AEA196618}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B2193849-8C79-4C80-8DA4-490E0CE21DB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C80823E9-041C-4B51-B89C-0EAA9ED7EF83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D6DD987C-D87C-4884-8012-BD1A392AE52E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD5B4777-8F10-4921-8996-4FF431C592C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059E4206-A428-472F-84BE-6980E40658F2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{06B3A8DD-8ADB-4984-918D-3338B417EFB6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{06B76808-3DBC-455C-9623-C5422907DF5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A400FB3-9A1F-4562-A45A-2F6D6396DEC4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B6AA53C-71BD-449F-BBBD-874B05D5DF0C}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{0B8050CD-1156-4800-A21C-FBA025BC9CCF}" = protocol=6 | dir=out | app=system |
"{0C807653-1BBE-4E50-88DD-A42DC28636EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DB17963-7D3E-4A2B-BC03-0AA81C806520}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{144617E5-6F1B-44DF-9532-122D5336C6E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1465531C-34E9-48DD-A907-6A64496C330F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{1D360347-91B6-4F65-A132-198B1586E4BC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{21B922E6-67FB-4154-AA1B-EAE898D612A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{255520FC-9308-4256-BB42-FD7C97D96F07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27ADB2E6-C6B4-4F32-93BB-6C794A751474}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2DD5CA65-2389-43F4-BE0F-EA21A94CAC29}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2E61D7EF-B2CF-4418-991A-215F4318CEC1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3086D6FC-6C7F-4E53-8AA6-DDE3A91CA36D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{317F3F90-99CC-46D7-BAF1-81956007FD90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{392A2583-7A25-4ADE-8064-1B6AB4C66091}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39BC2EEF-EF5F-46C0-B5CB-828AFB6F2A01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{3AE8DCCD-3B83-430D-8F1B-990EF24A2DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{3DA57569-20B2-474A-B74C-ADF5030F8407}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{413BCE70-3024-40F5-AC79-CB62C0BDD500}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{45A0FDDB-DEBF-4EC6-AE35-32F37D1A1C25}" = protocol=6 | dir=in | app=d:\steam\steamapps\sunshinerobert\synergy\hl2.exe |
"{46DFAE5E-A99A-4115-964A-2BB283C956B2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{487DE437-D26D-4FBD-AEF2-2C03FD4CFDD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50AFF05C-388C-474E-BFD9-B6FCF6653AE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{51700906-0CB3-4AAD-BAE3-43FED4AD2FC0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{5370201B-B5CC-4185-9C5A-11CE5198070B}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{54A7B5D1-6332-4EE3-A610-C91A2F135A20}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{57008458-91B5-4F09-9FF5-BCCB525A08E2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{5948CC57-C2DD-456D-B100-18BF57DFD523}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{59BB37DC-D039-4FA9-B0B6-519AE6D27C35}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{5EEB55C0-A239-46D3-95A9-410B1C38940E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{60624EBC-7EE1-4458-A61E-FAC9B5384230}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{644E6ED2-4831-48A6-8172-53A0D76472FD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{71ADB476-7146-4621-BA62-421DCDD98334}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7643C3E1-751B-4338-B80B-90886242EAE6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{7787F784-FB9B-4898-AC0C-1CA16AC79248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{7B97B324-9471-4CCC-B783-ACBA7ED197CE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{84D4C278-C201-4B6D-9AFE-F051C73E1002}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{880D4564-1845-4246-B8C4-8FA8D7BCFB4E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{89B2F81B-8BE0-45E8-B9EC-562BF2A05D63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{8E592C7E-DC63-4A85-86AA-1D35E1C8DAE5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{91F7A159-74F6-48B4-B08F-AFA617810E67}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{93C46D24-9EE8-4A99-8436-9269EBAE3B2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{94A034AC-E1BD-4926-A9DF-F6AE2594991D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96C475E9-B70C-4212-97C5-1C6B1EE2D338}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{979ADBAA-E501-4088-99B5-D4CEE8C96D4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{991E9DD4-A8DB-49FF-A382-DA3448050AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{994757B4-586F-4327-BA29-6F683F9E536F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{A0333636-9FB8-4294-8EEC-DB3C3FC35D5C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe |
"{A264E0A3-6286-4A6B-A79B-DFE7C47DFF3E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{A30EDA89-58E4-4E51-9DD2-CC4E17032820}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A386299D-7F26-42B0-9F1C-C6E2A7BC173B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe |
"{A48ADA0E-94F8-43C4-BCA3-2E1B4CB6CD9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A49CCAD3-9D08-4DEE-BC07-868921120206}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{A93D185C-5093-4B75-ACD2-8D26A3501B77}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A9D04956-E297-47BF-860C-44EF32777F62}" = protocol=6 | dir=in | app=d:\steam\steamapps\sunshinerobert\counter-strike source\hl2.exe |
"{AC78A8CE-C964-4A53-868E-F9D5999F6946}" = protocol=17 | dir=in | app=d:\steam\steamapps\sunshinerobert\counter-strike source\hl2.exe |
"{B0CE8461-C57F-4BC6-84DF-2735D1C49FBF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B45F92E6-79D7-4B13-AD27-C37D092C380E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe |
"{B71C7384-A4B0-4913-AD80-2EE13E1E0C5A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BAD677D8-F1B3-43CE-87CA-260B069DAD5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBE2A515-88D2-4DE6-AE9F-5D1E16461949}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC2032DA-E5CE-4588-971A-C6874F0F0B89}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{BF6AF27C-548A-4BAC-BDE9-330953FEE2E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3F8AB58-60FC-44D9-AB76-4276F1CB5732}" = protocol=17 | dir=in | app=d:\steam\steamapps\sunshinerobert\synergy\hl2.exe |
"{C63DBCCB-7FB2-4548-97B3-042487C37EE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C79B8660-1C2B-4350-AFB2-3EE0A084CE11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{CA270448-DE0B-4B18-99DC-773AC4EB2695}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC391F58-9AA3-4862-88E4-47E5815A001C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{CC41E0D6-5F43-4AA1-B5BA-47E5228FE97B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe |
"{CDBF87E8-1745-4AE0-993D-A69B73AADC08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D4B240B9-0D55-4A44-970A-00C7BC9357BA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D51E20C2-1166-4B6A-AC97-01EBB1A46985}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{DACF3E73-0747-43E1-9BFA-9B00CB1ECD68}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF0C4471-8AC2-4339-BE32-32A1CAE9AD8B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E112AEEE-0A4F-4BE5-A55C-F304EAA8D5FD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E65CA540-C155-4C91-9480-03D82F0F409D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{E85A8103-377F-4561-AAAB-CD33EA4DB2F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E886D71F-D58E-4397-BFF0-2E233E7C87C6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9BB9960-2BF4-4A83-830B-089351CDC4F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EC621D82-FBCC-44DB-9963-868E97BC2D11}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{F14955DC-3B24-4053-A529-3770FB333BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{F60F7E2A-1ACB-41B4-8BB0-89B3BA0DBE89}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FA726EFB-7892-4466-83D2-7ED125DCB924}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{FE406587-FB14-4CA1-A438-BC0B279E616D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"TCP Query User{22BAC4A4-2C9F-47A6-A55F-36759569CD65}D:\steam\steamapps\sunshinerobert\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\sunshinerobert\counter-strike source\hl2.exe |
"TCP Query User{57BADB1D-BBA2-4A99-8CF9-600EF104BEC8}D:\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"TCP Query User{7360277E-BE1F-458E-8A23-AA1A541EB400}D:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{92E4D5C0-0136-4C75-9D91-AA2334763C23}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"TCP Query User{BAF11516-A96F-4820-8887-BB49D6FC2676}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"UDP Query User{02372D0A-62C6-4086-A6EE-A78879EA26FA}D:\steam\steamapps\sunshinerobert\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\sunshinerobert\counter-strike source\hl2.exe |
"UDP Query User{06A5009D-1A2C-4153-86E8-AE16FD751345}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"UDP Query User{50032530-899C-4E4D-8DF9-63BEBD4308C6}D:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{5519CCBA-BCCB-47B0-B5F0-B28D24A946C7}D:\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"UDP Query User{A231ABB9-7ABA-416B-9FFD-74CB65893C7F}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"BurnAware Free_is1" = BurnAware Free 4.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"GamersFirst LIVE!" = GamersFirst LIVE!
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Spec Ops The Line_is1" = Spec Ops The Line
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.01.2013 10:55:53 | Computer Name = Downboy-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.01.2013 10:58:47 | Computer Name = Downboy-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 03.01.2013 10:58:47 | Computer Name = Downboy-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 03.01.2013 10:58:47 | Computer Name = Downboy-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 03.01.2013 11:04:33 | Computer Name = Downboy-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 03.01.2013 11:04:45 | Computer Name = Downboy-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.01.2013 11:05:04 | Computer Name = Downboy-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 03.01.2013 11:08:07 | Computer Name = Downboy-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 03.01.2013 11:08:07 | Computer Name = Downboy-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 03.01.2013 11:08:07 | Computer Name = Downboy-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 07.01.2013 10:48:49 | Computer Name = Downboy-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 07.01.2013 10:49:52 | Computer Name = Downboy-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 07.01.2013 10:49:52 | Computer Name = Downboy-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 07.01.2013 10:50:12 | Computer Name = Downboy-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 07.01.2013 10:51:17 | Computer Name = Downboy-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147014847
 
Error - 07.01.2013 10:57:30 | Computer Name = Downboy-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 07.01.2013 10:57:30 | Computer Name = Downboy-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 07.01.2013 10:57:30 | Computer Name = Downboy-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 07.01.2013 11:23:05 | Computer Name = Downboy-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147014847
 
Error - 08.01.2013 13:54:10 | Computer Name = Downboy-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147014847
 
 
< End of report >

Psychotic 09.01.2013 07:42
Sieht ganz gut aus - kontrollieren wir alles nochmal! :)


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Hogrebe05 09.01.2013 20:11
So einmal MW
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: DOWNBOY-PC [Administrator]

09.01.2013 16:59:04
mbam-log-2013-01-09 (16-59-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408305
Laufzeit: 29 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\Users\Robert\wgsdgsdgdsgsd.exe.vir (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\331fd5cb-52b85284 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
und Eset
Code:
C:\Qoobox\Quarantine\[4]-Submit_2013-01-07_15.44.36.zip        JS/Agent.NID trojan
C:\Qoobox\Quarantine\C\ProgramData\dsgsdgdsgdsgw.js.vir        JS/Agent.NID trojan
C:\Qoobox\Quarantine\C\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk.vir        Win32/Reveton.J trojan
C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\30fef811-723fa048        a variant of Java/Exploit.Agent.NEE trojan
C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7e0277f6-1b4c7c91        Java/Exploit.CVE-2012-1723.AT trojan
C:\Users\Robert\Documents\Untitled[3].pdf        JS/Exploit.Pdfka.PTI trojan
C:\Users\Robert\Documents\Untitled[4].pdf        JS/Exploit.Pdfka.PTI trojan
C:\Users\Robert\Documents\Untitled[5].pdf        JS/Exploit.Pdfka.PUN trojan
D:\DOWNBOY-PC\Backup Set 2012-05-08 174512\Backup Files 2012-06-25 161947\Backup files 6.zip        Java/Exploit.CVE-2012-0507.BV trojan
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-07-25 191253\Backup files 16.zip        Java/Exploit.CVE-2012-0507.BV trojan
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-07-30 182720\Backup files 4.zip        multiple threats
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-08-12 212545\Backup files 3.zip        Java/Exploit.CVE-2012-1723.AT trojan
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-09-17 175200\Backup files 12.zip        multiple threats
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-16 074941\Backup files 1.zip        JS/Exploit.Pdfka.PTI trojan
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-16 074941\Backup files 2.zip        multiple threats
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-29 074202\Backup files 1.zip        JS/Exploit.Pdfka.PTI trojan
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-11-05 073359\Backup files 1.zip        JS/Exploit.Pdfka.PUN trojan
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-12-25 182539\Backup files 1.zip        Win32/Reveton.J trojan
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-12-30 190002\Backup files 3.zip        multiple threats

Psychotic 10.01.2013 10:26
Fix mit OTL

Code:
:FILES
C:\Users\Robert\Documents\Untitled[3].pdf
C:\Users\Robert\Documents\Untitled[4].pdf
C:\Users\Robert\Documents\Untitled[5].pdf
D:\DOWNBOY-PC\Backup Set 2012-05-08 174512\Backup Files 2012-06-25 161947\Backup files 6.zip
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-07-25 191253\Backup files 16.zip
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-07-30 182720\Backup files 4.zip
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-08-12 212545\Backup files 3.zip
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-09-17 175200\Backup files 12.zip
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-16 074941\Backup files 1.zip
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-16 074941\Backup files 2.zip
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-29 074202\Backup files 1.zip
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-11-05 073359\Backup files 1.zip
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-12-25 182539\Backup files 1.zip
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-12-30 190002\Backup files 3.zip
:COMMANDS
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Hogrebe05 10.01.2013 16:48
So hier die Logfile von OTL :)
Code:
All processes killed
========== FILES ==========
C:\Users\Robert\Documents\Untitled[3].pdf moved successfully.
C:\Users\Robert\Documents\Untitled[4].pdf moved successfully.
C:\Users\Robert\Documents\Untitled[5].pdf moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-05-08 174512\Backup Files 2012-06-25 161947\Backup files 6.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-07-25 191253\Backup files 16.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-07-30 182720\Backup files 4.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-07-25 191253\Backup Files 2012-08-12 212545\Backup files 3.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-09-17 175200\Backup files 12.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-16 074941\Backup files 1.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-16 074941\Backup files 2.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-10-29 074202\Backup files 1.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-11-05 073359\Backup files 1.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-12-25 182539\Backup files 1.zip moved successfully.
D:\DOWNBOY-PC\Backup Set 2012-09-17 175200\Backup Files 2012-12-30 190002\Backup files 3.zip moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Downboy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Robert
->Temp folder emptied: 481653 bytes
->Temporary Internet Files folder emptied: 2085460899 bytes
->Java cache emptied: 1643395 bytes
->FireFox cache emptied: 1129597511 bytes
->Google Chrome cache emptied: 199287445 bytes
->Flash cache emptied: 53906 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32682034 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 4732416 bytes
 
Total Files Cleaned = 3.328,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_164020

Files\Folders moved on Reboot...
C:\Users\Robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Psychotic 11.01.2013 08:08
Dann sind wir durch! :)



Schritt 1: Java update


Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme, speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version herunterladen.
  • Wenn die Installation beendet wurde, gehe zu Start --> Systemsteuerung --> Programme und Funktionen (bzw. Software unter Windows XP) und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu, sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart:
  • Öffne erneut die Systemsteuerung --> Programme und Funktionen und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen ....
  • Gehe sicher, dass überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.





Schritt 2: Mozilla Firefox update

Dein Firefox-Browser ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:
  • Lade dir den aktuellen Firefox von hier herunter.
  • Starte das Setup und folge den Anweisungen auf dem Bildschirm.
  • Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
  • Entferne alle älteren Firefox-Versionen.
  • Melde dich umgehend, falls Schwierigkeiten auftreten.




Schritt 3: VLC-Player update


Dein VLC-Player ist veraltet. Um ihn zu aktualisieren, gehe bitte wie folgt vor:
  • Lade dir den aktuellen Player von hier herunter.
  • Starte das Setup und folge den Anweisungen auf dem Bildschrim. Setup wird die alte Version des Players erkennen und dich fragen, ob vor der Installation die alte Version entfernt werden soll. Bestätige dies mit Ja.
  • Nachdem die alte Version des Programms entfernt wurde, startet die Neuinstallation. Belasse alles bei den vorgegebenen Werten - es sei denn, du willst daran etwas ändern (z.B. die Dateizuordnung o.ä.).
  • Melde dich umgehend, falls Schwierigkeiten auftreten.






ComboFix

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.




OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.




adwcleaner

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.
Antviren-Software
  • Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
    Eine Auswahl kostenloser Antivirenprogramme:
Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.
Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.
Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

Hogrebe05 11.01.2013 09:03
Hi
ich habe jetzt zwar alles geupdatet aber die bereinigungstools noch nicht runter geworfen da noch ein Problem für mich offen steht, wo ich fragen wollte, ob du mir noch bei helfen könntest.
Ich habe ja am Anfang geschrieben das Kaspersky nicht startet :( und das tut es leider immernoch nicht. Kann ich da mal irgenwas probieren oder so?

Und trotzdem schonmal vielen vielen Dank

noch ein kleiner edit. Also wenn ich Kaspersky mit Doppelklick starte kommt nur das Vorbanner wo die ganze Zeit steht wird geladen. Das läd aber auch zwei Stunden ohne was zu machen.

Psychotic 12.01.2013 10:39
Versuche, eine Reparatur durchzuführen.
Dies geht über die Funktion "Programme und Funktionen" in der Systemsteuerung.

Hogrebe05 17.01.2013 17:49
Hallo ich bins wieder. sorry das es länger gedauert hat. War die letzten Tage leider nicht zu Hause. Also es gibt dort kein reparieren knopf. Habe es mit deinstallieren probiert, aber leider lässt es sich nicht deinstallieren. Bin leider völlig ratlos :(

Psychotic 21.01.2013 06:50
Erstell hier ein Thema, da wird dir geholfen! ;)

Beachte, dass du auch dort Informationen einbringen musst.

Psychotic 28.01.2013 06:48
Schön, dass wir helfen konnten! :abklatsch:


Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:50 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130